ReactOS 0.4.15-dev-7907-g95bf896
Classes | Macros | Typedefs | Functions | Variables
auth_gss.c File Reference
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/auth_gss.h>
#include <rpc/clnt.h>
#include <netinet/in.h>
#include <gssapi/gssapi.h>
Include dependency graph for auth_gss.c:

Go to the source code of this file.

Classes

struct  gss_union_ctx_id_t
 
struct  rpc_gss_data
 

Macros

#define AUTH_PRIVATE(auth)   ((struct rpc_gss_data *)auth->ah_private)
 

Typedefs

typedef struct gss_union_ctx_id_t gss_union_ctx_id_desc
 
typedef struct gss_union_ctx_id_tgss_union_ctx_id_t
 

Functions

static void authgss_nextverf ()
 
static bool_t authgss_marshal ()
 
static bool_t authgss_refresh ()
 
static bool_t authgss_validate ()
 
static void authgss_destroy ()
 
static void authgss_destroy_context ()
 
static bool_t authgss_wrap ()
 
static bool_t authgss_unwrap ()
 
AUTHauthgss_create (CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
 
AUTHauthgss_create_default (CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
 
bool_t authgss_get_private_data (AUTH *auth, struct authgss_private_data *pd)
 
static void authgss_nextverf (AUTH *auth)
 
static bool_t authgss_marshal (AUTH *auth, XDR *xdrs)
 
static bool_t authgss_validate (AUTH *auth, struct opaque_auth *verf)
 
static bool_t authgss_refresh (AUTH *auth)
 
bool_t authgss_service (AUTH *auth, int svc)
 
static void authgss_destroy_context (AUTH *auth)
 
static void authgss_destroy (AUTH *auth)
 
bool_t authgss_wrap (AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 
bool_t authgss_unwrap (AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 

Variables

static struct auth_ops authgss_ops
 
static struct timeval AUTH_TIMEOUT = { 25, 0 }
 

Macro Definition Documentation

◆ AUTH_PRIVATE

#define AUTH_PRIVATE (   auth)    ((struct rpc_gss_data *)auth->ah_private)

Definition at line 143 of file auth_gss.c.

Typedef Documentation

◆ gss_union_ctx_id_desc

typedef struct gss_union_ctx_id_t gss_union_ctx_id_desc

◆ gss_union_ctx_id_t

typedef struct gss_union_ctx_id_t * gss_union_ctx_id_t

Function Documentation

◆ authgss_create()

AUTH * authgss_create ( CLIENT clnt,
gss_name_t  name,
struct rpc_gss_sec sec 
)

Definition at line 148 of file auth_gss.c.

149{
150 AUTH *auth, *save_auth;
151 struct rpc_gss_data *gd;
152 OM_uint32 min_stat = 0;
153
154 log_debug("in authgss_create()");
155
156 memset(&rpc_createerr, 0, sizeof(rpc_createerr));
157
158 if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
159 rpc_createerr.cf_stat = RPC_SYSTEMERROR;
160 rpc_createerr.cf_error.re_errno = ENOMEM;
161 return (NULL);
162 }
163 if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
164 rpc_createerr.cf_stat = RPC_SYSTEMERROR;
165 rpc_createerr.cf_error.re_errno = ENOMEM;
166 free(auth);
167 return (NULL);
168 }
169#ifdef DEBUG
170 fprintf(stderr, "authgss_create: name is %p\n", name);
171#endif
172 if (name != GSS_C_NO_NAME) {
173 if (gss_duplicate_name(&min_stat, name, &gd->name)
174 != GSS_S_COMPLETE) {
175 rpc_createerr.cf_stat = RPC_SYSTEMERROR;
176 rpc_createerr.cf_error.re_errno = ENOMEM;
177 free(auth);
178 return (NULL);
179 }
180 }
181 else
182 gd->name = name;
183
184#ifdef DEBUG
185 fprintf(stderr, "authgss_create: gd->name is %p\n", gd->name);
186#endif
187 gd->clnt = clnt;
188 gd->ctx = GSS_C_NO_CONTEXT;
189 gd->sec = *sec;
190
191 gd->gc.gc_v = RPCSEC_GSS_VERSION;
192 gd->gc.gc_proc = RPCSEC_GSS_INIT;
193 gd->gc.gc_svc = gd->sec.svc;
194
195 auth->ah_ops = &authgss_ops;
196 auth->ah_private = (caddr_t)gd;
197
198 save_auth = clnt->cl_auth;
199 clnt->cl_auth = auth;
200
201 if (!authgss_refresh(auth))
202 auth = NULL;
203
204 clnt->cl_auth = save_auth;
205
206 return (auth);
207}
ENOMEM
#define ENOMEM
Definition: acclib.h:84
authgss_ops
static struct auth_ops authgss_ops
Definition: auth_gss.c:71
authgss_refresh
static bool_t authgss_refresh()
RPCSEC_GSS_VERSION
#define RPCSEC_GSS_VERSION
Definition: auth_gss.h:80
RPCSEC_GSS_INIT
@ RPCSEC_GSS_INIT
Definition: auth_gss.h:68
log_debug
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
caddr_t
#define caddr_t
Definition: ftp.c:24
RPC_SYSTEMERROR
@ RPC_SYSTEMERROR
Definition: clnt_stat.h:43
free
#define free
Definition: debug_ros.c:5
NULL
#define NULL
Definition: types.h:112
stderr
#define stderr
Definition: stdio.h:100
fprintf
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
calloc
#define calloc
Definition: rosglue.h:14
memset
#define memset(x, y, z)
Definition: compat.h:39
__auth
Definition: auth.h:205
__auth::ah_private
void * ah_private
Definition: auth.h:225
__auth::ah_ops
struct __auth::auth_ops * ah_ops
__rpc_client::cl_auth
AUTH * cl_auth
Definition: clnt.h:122
name
Definition: name.c:39
rpc_createerr
Definition: clnt.h:495
rpc_createerr::cf_error
struct rpc_err cf_error
Definition: clnt.h:497
rpc_createerr::cf_stat
enum clnt_stat cf_stat
Definition: clnt.h:496
rpc_gss_data
Definition: auth_gss.c:131
rpc_gss_data::ctx
gss_ctx_id_t ctx
Definition: auth_gss.c:138
rpc_gss_data::name
gss_name_t name
Definition: auth_gss.c:136
rpc_gss_data::clnt
CLIENT * clnt
Definition: auth_gss.c:135
rpc_gss_data::gc
struct rpc_gss_cred gc
Definition: auth_gss.c:139
rpc_gss_data::sec
struct rpc_gss_sec sec
Definition: auth_gss.c:137

Referenced by authgss_create_default().

◆ authgss_create_default()

AUTH * authgss_create_default ( CLIENT clnt,
char service,
struct rpc_gss_sec sec 
)

Definition at line 210 of file auth_gss.c.

211{
212 AUTH *auth;
213 OM_uint32 maj_stat = 0, min_stat = 0;
214 gss_buffer_desc sname;
215 gss_name_t name = GSS_C_NO_NAME;
216
217 log_debug("in authgss_create_default()");
218
219
220 sname.value = service;
221 sname.length = strlen(service);
222
223 maj_stat = gss_import_name(&min_stat, &sname,
224 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
225 &name);
226
227 if (maj_stat != GSS_S_COMPLETE) {
228 log_status("gss_import_name", maj_stat, min_stat);
229 rpc_createerr.cf_stat = RPC_AUTHERROR;
230 return (NULL);
231 }
232
233 auth = authgss_create(clnt, name, sec);
234
235 if (name != GSS_C_NO_NAME) {
236#ifdef DEBUG
237 fprintf(stderr, "authgss_create_default: freeing name %p\n", name);
238#endif
239 gss_release_name(&min_stat, &name);
240 }
241
242 return (auth);
243}
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
authgss_create
AUTH * authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
Definition: auth_gss.c:148
log_status
void log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition: authgss_prot.c:345
RPC_AUTHERROR
@ RPC_AUTHERROR
Definition: clnt_stat.h:38

◆ authgss_destroy() [1/2]

static void authgss_destroy ( )
static

Referenced by authgss_refresh().

◆ authgss_destroy() [2/2]

static void authgss_destroy ( AUTH auth)
static

Definition at line 580 of file auth_gss.c.

581{
582 struct rpc_gss_data *gd;
583 OM_uint32 min_stat;
584
585 log_debug("in authgss_destroy()");
586
587 gd = AUTH_PRIVATE(auth);
588
589 authgss_destroy_context(auth);
590
591#ifdef DEBUG
592 fprintf(stderr, "authgss_destroy: freeing name %p\n", gd->name);
593#endif
594 if (gd->name != GSS_C_NO_NAME)
595 gss_release_name(&min_stat, &gd->name);
596
597 free(gd);
598 free(auth);
599}
authgss_destroy_context
static void authgss_destroy_context()
AUTH_PRIVATE
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143

◆ authgss_destroy_context() [1/2]

static void authgss_destroy_context ( )
static

Referenced by authgss_destroy(), authgss_marshal(), authgss_refresh(), and authgss_validate().

◆ authgss_destroy_context() [2/2]

static void authgss_destroy_context ( AUTH auth)
static

Definition at line 547 of file auth_gss.c.

548{
549 struct rpc_gss_data *gd;
550 OM_uint32 min_stat;
551
552 log_debug("in authgss_destroy_context()");
553
554 gd = AUTH_PRIVATE(auth);
555
556 if (gd->gc.gc_ctx.length != 0) {
557 if (gd->established) {
558 gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
559 clnt_call(gd->clnt, NULLPROC, (xdrproc_t)xdr_void, NULL,
560 (xdrproc_t)xdr_void, NULL, AUTH_TIMEOUT);
561 }
562 gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
563 /* XXX ANDROS check size of context - should be 8 */
564 memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
565 }
566 if (gd->ctx != GSS_C_NO_CONTEXT) {
567 gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
568 gd->ctx = GSS_C_NO_CONTEXT;
569 }
570
571 /* free saved wire verifier (if any) */
572 mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
573 gd->gc_wire_verf.value = NULL;
574 gd->gc_wire_verf.length = 0;
575
576 gd->established = FALSE;
577}
xdr_void
bool_t xdr_void(void)
Definition: xdr.c:92
AUTH_TIMEOUT
static struct timeval AUTH_TIMEOUT
Definition: auth_gss.c:145
RPCSEC_GSS_DESTROY
@ RPCSEC_GSS_DESTROY
Definition: auth_gss.h:70
NULLPROC
#define NULLPROC
Definition: clnt.h:294
clnt_call
#define clnt_call(rh, proc, xargs, argsp, xres, resp, secs)
Definition: clnt.h:202
mem_free
#define mem_free(ptr, bsize)
Definition: types.h:124
FALSE
#define FALSE
Definition: types.h:117
rpc_gss_data::gc_wire_verf
gss_buffer_desc gc_wire_verf
Definition: auth_gss.c:133
rpc_gss_data::established
bool_t established
Definition: auth_gss.c:132
xdrproc_t
bool_t(* xdrproc_t)(XDR *,...)
Definition: xdr.h:144

◆ authgss_get_private_data()

bool_t authgss_get_private_data ( AUTH auth,
struct authgss_private_data pd 
)

Definition at line 246 of file auth_gss.c.

247{
248 struct rpc_gss_data *gd;
249
250 log_debug("in authgss_get_private_data()");
251
252 if (!auth || !pd)
253 return (FALSE);
254
255 gd = AUTH_PRIVATE(auth);
256
257 if (!gd || !gd->established)
258 return (FALSE);
259
260 pd->pd_ctx = gd->ctx;
261 pd->pd_ctx_hndl = gd->gc.gc_ctx;
262 pd->pd_seq_win = gd->win;
263
264 return (TRUE);
265}
TRUE
#define TRUE
Definition: types.h:120
authgss_private_data::pd_ctx_hndl
gss_buffer_desc pd_ctx_hndl
Definition: auth_gss.h:94
authgss_private_data::pd_ctx
gss_ctx_id_t pd_ctx
Definition: auth_gss.h:93
authgss_private_data::pd_seq_win
u_int pd_seq_win
Definition: auth_gss.h:95
rpc_gss_data::win
u_int win
Definition: auth_gss.c:140

◆ authgss_marshal() [1/2]

static bool_t authgss_marshal ( )
static

◆ authgss_marshal() [2/2]

static bool_t authgss_marshal ( AUTH auth,
XDR xdrs 
)
static

Definition at line 275 of file auth_gss.c.

276{
277 XDR tmpxdrs;
278 char tmp[MAX_AUTH_BYTES];
279 struct rpc_gss_data *gd;
280 gss_buffer_desc rpcbuf, checksum;
281 OM_uint32 maj_stat, min_stat;
282 bool_t xdr_stat;
283
284 log_debug("in authgss_marshal()");
285
286 gd = AUTH_PRIVATE(auth);
287
288 if (gd->established)
289 gd->gc.gc_seq++;
290
291 xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
292
293 if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) {
294 XDR_DESTROY(&tmpxdrs);
295 return (FALSE);
296 }
297 auth->ah_cred.oa_flavor = RPCSEC_GSS;
298 auth->ah_cred.oa_base = tmp;
299 auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
300
301 XDR_DESTROY(&tmpxdrs);
302
303 if (!xdr_opaque_auth(xdrs, &auth->ah_cred))
304 return (FALSE);
305
306 if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
307 gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
308 return (xdr_opaque_auth(xdrs, &_null_auth));
309 }
310 /* Checksum serialized RPC header, up to and including credential. */
311 rpcbuf.length = XDR_GETPOS(xdrs);
312 XDR_SETPOS(xdrs, 0);
313 rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length);
314
315 maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
316 &rpcbuf, &checksum);
317
318 if (maj_stat != GSS_S_COMPLETE) {
319 log_status("gss_get_mic", maj_stat, min_stat);
320 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
321 gd->established = FALSE;
322 authgss_destroy_context(auth);
323 }
324 return (FALSE);
325 }
326 auth->ah_verf.oa_flavor = RPCSEC_GSS;
327 auth->ah_verf.oa_base = checksum.value;
328 auth->ah_verf.oa_length = checksum.length;
329
330 xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
331 gss_release_buffer(&min_stat, &checksum);
332
333 return (xdr_stat);
334}
RPCSEC_GSS_CONTINUE_INIT
@ RPCSEC_GSS_CONTINUE_INIT
Definition: auth_gss.h:69
xdr_opaque_auth
bool_t xdr_opaque_auth()
xdr_rpc_gss_cred
bool_t xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
Definition: authgss_prot.c:48
MAX_AUTH_BYTES
#define MAX_AUTH_BYTES
Definition: auth.h:77
bool_t
int32_t bool_t
Definition: types.h:101
checksum
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
Definition: fdi.c:353
RPCSEC_GSS
#define RPCSEC_GSS
Definition: nfs41_ops.h:867
_null_auth
struct opaque_auth _null_auth
Definition: rpc_commondata.c:37
__auth::ah_cred
struct opaque_auth ah_cred
Definition: auth.h:206
__auth::ah_verf
struct opaque_auth ah_verf
Definition: auth.h:207
__rpc_xdr
Definition: xdr.h:103
XDR_INLINE
#define XDR_INLINE(xdrs, len)
Definition: xdr.h:209
XDR_ENCODE
@ XDR_ENCODE
Definition: xdr.h:85
XDR_SETPOS
#define XDR_SETPOS(xdrs, pos)
Definition: xdr.h:204
XDR_DESTROY
#define XDR_DESTROY(xdrs)
Definition: xdr.h:214
XDR_GETPOS
#define XDR_GETPOS(xdrs)
Definition: xdr.h:199
xdrmem_create
void xdrmem_create(XDR *xdrs, char *addr, u_int size, enum xdr_op op)
Definition: xdr_mem.c:94

◆ authgss_nextverf() [1/2]

static void authgss_nextverf ( )
static

◆ authgss_nextverf() [2/2]

static void authgss_nextverf ( AUTH auth)
static

Definition at line 268 of file auth_gss.c.

269{
270 log_debug("in authgss_nextverf()");
271 /* no action necessary */
272}

◆ authgss_refresh() [1/2]

static bool_t authgss_refresh ( )
static

Referenced by authgss_create().

◆ authgss_refresh() [2/2]

static bool_t authgss_refresh ( AUTH auth)
static

Definition at line 391 of file auth_gss.c.

392{
393 struct rpc_gss_data *gd;
394 struct rpc_gss_init_res gr;
395 gss_buffer_desc *recv_tokenp, send_token;
396 OM_uint32 maj_stat, min_stat, call_stat, ret_flags;
397
398 log_debug("in authgss_refresh()");
399
400 gd = AUTH_PRIVATE(auth);
401
402 if (gd->established)
403 return (TRUE);
404
405 /* GSS context establishment loop. */
406 memset(&gr, 0, sizeof(gr));
407 recv_tokenp = GSS_C_NO_BUFFER;
408
409#ifdef DEBUG
410 print_rpc_gss_sec(&gd->sec);
411#endif /*DEBUG*/
412
413 for (;;) {
414#ifdef DEBUG
415 /* print the token we just received */
416 if (recv_tokenp != GSS_C_NO_BUFFER) {
417 log_debug("The token we just received (length %d):",
418 recv_tokenp->length);
419 log_hexdump(recv_tokenp->value, recv_tokenp->length, 0);
420 }
421#endif
422 maj_stat = gss_init_sec_context(&min_stat,
423 gd->sec.cred,
424 &gd->ctx,
425 gd->name,
426 gd->sec.mech,
427 gd->sec.req_flags,
428 0, /* time req */
429 NULL, /* channel */
430 recv_tokenp,
431 NULL, /* used mech */
432 &send_token,
433 &ret_flags,
434 NULL); /* time rec */
435
436 if (recv_tokenp != GSS_C_NO_BUFFER) {
437 gss_release_buffer(&min_stat, &gr.gr_token);
438 recv_tokenp = GSS_C_NO_BUFFER;
439 }
440 if (maj_stat != GSS_S_COMPLETE &&
441 maj_stat != GSS_S_CONTINUE_NEEDED) {
442 log_status("gss_init_sec_context", maj_stat, min_stat);
443 break;
444 }
445 if (send_token.length != 0) {
446 memset(&gr, 0, sizeof(gr));
447
448#ifdef DEBUG
449 /* print the token we are about to send */
450 log_debug("The token being sent (length %d):",
451 send_token.length);
452 log_hexdump(send_token.value, send_token.length, 0);
453#endif
454
455 call_stat = clnt_call(gd->clnt, NULLPROC,
456 (xdrproc_t)xdr_rpc_gss_init_args,
457 &send_token,
458 (xdrproc_t)xdr_rpc_gss_init_res,
459 (caddr_t)&gr, AUTH_TIMEOUT);
460
461 gss_release_buffer(&min_stat, &send_token);
462
463 if (call_stat != RPC_SUCCESS ||
464 (gr.gr_major != GSS_S_COMPLETE &&
465 gr.gr_major != GSS_S_CONTINUE_NEEDED))
466 return FALSE;
467
468 if (gr.gr_ctx.length != 0) {
469 if (gd->gc.gc_ctx.value)
470 gss_release_buffer(&min_stat,
471 &gd->gc.gc_ctx);
472 gd->gc.gc_ctx = gr.gr_ctx;
473 }
474 if (gr.gr_token.length != 0) {
475 if (maj_stat != GSS_S_CONTINUE_NEEDED)
476 break;
477 recv_tokenp = &gr.gr_token;
478 }
479 gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT;
480 }
481
482 /* GSS_S_COMPLETE => check gss header verifier,
483 * usually checked in gss_validate
484 */
485 if (maj_stat == GSS_S_COMPLETE) {
486 gss_buffer_desc bufin;
487 gss_buffer_desc bufout;
488 u_int seq, qop_state = 0;
489
490 seq = htonl(gr.gr_win);
491 bufin.value = (unsigned char *)&seq;
492 bufin.length = sizeof(seq);
493 bufout.value = (unsigned char *)gd->gc_wire_verf.value;
494 bufout.length = gd->gc_wire_verf.length;
495
496 maj_stat = gss_verify_mic(&min_stat, gd->ctx,
497 &bufin, &bufout, &qop_state);
498
499 if (maj_stat != GSS_S_COMPLETE
500 || qop_state != gd->sec.qop) {
501 log_status("gss_verify_mic", maj_stat, min_stat);
502 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
503 gd->established = FALSE;
504 authgss_destroy_context(auth);
505 }
506 return (FALSE);
507 }
508 gd->established = TRUE;
509 gd->gc.gc_proc = RPCSEC_GSS_DATA;
510 gd->gc.gc_seq = 0;
511 gd->win = gr.gr_win;
512 break;
513 }
514 }
515 /* End context negotiation loop. */
516 if (gd->gc.gc_proc != RPCSEC_GSS_DATA) {
517 if (gr.gr_token.length != 0)
518 gss_release_buffer(&min_stat, &gr.gr_token);
519
520 authgss_destroy(auth);
521 auth = NULL;
522 rpc_createerr.cf_stat = RPC_AUTHERROR;
523
524 return (FALSE);
525 }
526 return (TRUE);
527}
authgss_destroy
static void authgss_destroy()
RPCSEC_GSS_DATA
@ RPCSEC_GSS_DATA
Definition: auth_gss.h:67
log_hexdump
void log_hexdump(bool_t on, const u_char *title, const u_char *buf, int len, int offset)
Definition: auth_sspi.c:942
print_rpc_gss_sec
void print_rpc_gss_sec(struct rpc_sspi_sec *ptr)
Definition: auth_sspi.c:859
xdr_rpc_gss_init_res
bool_t xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
Definition: authgss_prot.c:86
xdr_rpc_gss_init_args
bool_t xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
Definition: authgss_prot.c:70
RPC_SUCCESS
@ RPC_SUCCESS
Definition: clnt_stat.h:22
u_int
UINT32 u_int
Definition: types.h:82
htonl
#define htonl(x)
Definition: module.h:214
caddr_t
char * caddr_t
Definition: rosdhcp.h:36
rpc_gss_init_res
Definition: auth_gss.h:117

◆ authgss_service()

bool_t authgss_service ( AUTH auth,
int  svc 
)

Definition at line 530 of file auth_gss.c.

531{
532 struct rpc_gss_data *gd;
533
534 log_debug("in authgss_service()");
535
536 if (!auth)
537 return(FALSE);
538 gd = AUTH_PRIVATE(auth);
539 if (!gd || !gd->established)
540 return (FALSE);
541 gd->sec.svc = svc;
542 gd->gc.gc_svc = svc;
543 return (TRUE);
544}

◆ authgss_unwrap() [1/2]

static bool_t authgss_unwrap ( )
static

◆ authgss_unwrap() [2/2]

bool_t authgss_unwrap ( AUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr 
)

Definition at line 619 of file auth_gss.c.

620{
621 struct rpc_gss_data *gd;
622
623 log_debug("in authgss_unwrap()");
624
625 gd = AUTH_PRIVATE(auth);
626
627 if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
628 return ((*xdr_func)(xdrs, xdr_ptr));
629 }
630 return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
631 gd->ctx, gd->sec.qop,
632 gd->sec.svc, gd->gc.gc_seq));
633}
RPCSEC_GSS_SVC_NONE
@ RPCSEC_GSS_SVC_NONE
Definition: auth_gss.h:75
xdr_rpc_gss_data
bool_t xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, rpc_gss_svc_t svc, u_int seq)
Definition: authgss_prot.c:251

◆ authgss_validate() [1/2]

static bool_t authgss_validate ( )
static

◆ authgss_validate() [2/2]

static bool_t authgss_validate ( AUTH auth,
struct opaque_auth verf 
)
static

Definition at line 337 of file auth_gss.c.

338{
339 struct rpc_gss_data *gd;
340 u_int num, qop_state;
341 gss_buffer_desc signbuf, checksum;
342 OM_uint32 maj_stat, min_stat;
343
344 log_debug("in authgss_validate()");
345
346 gd = AUTH_PRIVATE(auth);
347
348 if (gd->established == FALSE) {
349 /* would like to do this only on NULL rpc --
350 * gc->established is good enough.
351 * save the on the wire verifier to validate last
352 * INIT phase packet after decode if the major
353 * status is GSS_S_COMPLETE
354 */
355 if ((gd->gc_wire_verf.value =
356 mem_alloc(verf->oa_length)) == NULL) {
357 fprintf(stderr, "gss_validate: out of memory\n");
358 return (FALSE);
359 }
360 memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
361 gd->gc_wire_verf.length = verf->oa_length;
362 return (TRUE);
363 }
364
365 if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
366 gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
367 num = htonl(gd->win);
368 }
369 else num = htonl(gd->gc.gc_seq);
370
371 signbuf.value = &num;
372 signbuf.length = sizeof(num);
373
374 checksum.value = verf->oa_base;
375 checksum.length = verf->oa_length;
376
377 maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
378 &checksum, &qop_state);
379 if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
380 log_status("gss_verify_mic", maj_stat, min_stat);
381 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
382 gd->established = FALSE;
383 authgss_destroy_context(auth);
384 }
385 return (FALSE);
386 }
387 return (TRUE);
388}
mem_alloc
#define mem_alloc(bsize)
Definition: types.h:123
num
GLuint GLuint num
Definition: glext.h:9618
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
opaque_auth::oa_length
u_int oa_length
Definition: auth.h:198
opaque_auth::oa_base
caddr_t oa_base
Definition: auth.h:197

◆ authgss_wrap() [1/2]

static bool_t authgss_wrap ( )
static

◆ authgss_wrap() [2/2]

bool_t authgss_wrap ( AUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr 
)

Definition at line 602 of file auth_gss.c.

603{
604 struct rpc_gss_data *gd;
605
606 log_debug("in authgss_wrap()");
607
608 gd = AUTH_PRIVATE(auth);
609
610 if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
611 return ((*xdr_func)(xdrs, xdr_ptr));
612 }
613 return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
614 gd->ctx, gd->sec.qop,
615 gd->sec.svc, gd->gc.gc_seq));
616}

Variable Documentation

◆ AUTH_TIMEOUT

struct timeval AUTH_TIMEOUT = { 25, 0 }
static

Definition at line 145 of file auth_gss.c.

Referenced by authgss_destroy_context(), and authgss_refresh().

◆ authgss_ops

struct auth_ops authgss_ops
static
Initial value:
= {
authgss_nextverf,
authgss_marshal,
authgss_validate,
authgss_refresh,
authgss_destroy,
authgss_wrap,
authgss_unwrap
}
authgss_nextverf
static void authgss_nextverf()
authgss_validate
static bool_t authgss_validate()
authgss_unwrap
static bool_t authgss_unwrap()
authgss_marshal
static bool_t authgss_marshal()
authgss_wrap
static bool_t authgss_wrap()

Definition at line 71 of file auth_gss.c.

Referenced by authgss_create().